Sending syslog to another machine
Rick Stevens
ricks at nerd.com
Mon Dec 1 21:43:00 UTC 2008
Bill Davidsen wrote:
> Mikkel L. Ellertson wrote:
>> lanas wrote:
>>> Basically rsyslog works like syslog, but adds a few more options. So
>>> simply specify the server (and optional port) to start with and make a
>>> few tests by using the logger utility.
>>> *.* @@remote-host:514
>>>
>>> Replace remote-host with your remote syslog. 514 is the default
>>> well-known syslog port so unless you have set up something else, you
>>> can leave it there.
>>>
>>> Don't forget to restart/reload rsyslog (or any other syslog daemon for
>>> that matter) after doing configuration changes. This sometimes can be
>>> done by simply sending the daemon a HUP signal:
>>>
>>> killall -HUP daemon
>>>
>>> or by restarting it altogether:
>>>
>>> /etc/init.d/daemon restart
>>>
>>> Hope this helps.
>> Don't forget to configure the host you are logging to so that it
>> will accept logging from an outside machine. By default, it probably
>> doesn't.
>>
> Don't know about the syslog daemon, but it looks as if the firewall
> rules don't. The good thing about using a syslog machine is that the
> *times* match, the bad thing is that it's a single point of failure, and
> network connected as well. So for debugging network issues it's
> suboptimal. ;-)

By default, most firewalls don't permit syslog, so you have to open
UDP port 514 on the receiving machine.

Also, both the old syslogd and the newer rsyslogd have to have the "-r"
option specified for them to actually listen to the network (the "-r"
can also have a port number appended, e.g. "-r 514"). Not sure about
ng-syslog, but I suspect the same is true.

On Red Hattish machines, options are passed to the syslog daemon by
values stuffed into the "SYSLOGD_OPTIONS" line of either the
"/etc/sysconfig/syslog" or "/etc/sysconfig/rsyslog" file (depending on
which syslog daemon you're running). By default, you'll find

    SYSLOGD_OPTIONS="-c 3" (/etc/sysconfig/rsyslog)
    SYSLOGD_OPTIONS="-m 0" (/etc/sysconfig/syslog)

Prepend that with "-r" (e.g. SYSLOGD_OPTIONS="-r -c 3") and then do a
"service syslog restart". It should start listening to the network.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks at nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- When in doubt, mumble. -
----------------------------------------------------------------------
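
The sysconfig change described in the message above, as an added example that is not part of the original post: a shell function that prepends "-r" to SYSLOGD_OPTIONS only if it is not already there, so it is safe to run repeatedly. The function names are hypothetical, and the file is assumed to use the one-line SYSLOGD_OPTIONS="..." form quoted in the message.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the one-line SYSLOGD_OPTIONS="..." form quoted in the message.
# Usage, after sourcing this file: enable_remote_reception /etc/sysconfig/rsyslog

# Print the option string found between the double quotes.
syslogd_options() {
    sed -n 's/^SYSLOGD_OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if "-r" is already present as a separate word.
has_remote_flag() {
    case " $(syslogd_options "$1") " in
        *" -r "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prepend "-r" once, keeping a .bak copy of the previous file.
enable_remote_reception() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    grep -q '^SYSLOGD_OPTIONS="' "$file" || {
        echo "no SYSLOGD_OPTIONS line in $file" >&2; return 3; }
    # Already enabled: change nothing, so repeated runs are harmless.
    has_remote_flag "$file" && return 0
    cp -p "$file" "$file.bak" || return 1
    # Rewrite in place (same inode, so ownership and mode are preserved).
    sed 's/^SYSLOGD_OPTIONS="/SYSLOGD_OPTIONS="-r /' "$file.bak" > "$file"
}
```

Once the receiver listens on the network it accepts messages from any host that can reach UDP port 514, so the firewall rule should admit only the machines expected to send logs. In rsyslog a forwarding target written "@@host:514" uses TCP and "@host:514" uses UDP, so the sender's rule has to match the UDP listener that "-r" opens.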